my network is : INTERNET | | FIREWALL ----- WEB SERVER (ftp server) | | INTERNAL NETWORK (192.168.1.x) i modify FW_MASQ_NETS to write : FW_MASQ_NETS="192.168.1.0/24,0/0,tcp,21 192.168.1.0/24,0/0,tcp,53 192.168.1.0/24,0/0,udp,53 192.168.5.0/24" and since my ftp server doesn't work ! Have you an idea ? --- Togan Muftuoglu a écrit : > * Togan Muftuoglu; on 26 Jan, 2004 wrote:

...

nevertheless you can read more in the unofficial SUSEfirewall2 http://sf.net/projects/susefaq

ps. maybe I should stop cheewing gum and riding a bike

--

Togan Muftuoglu | Unofficial SuSE FAQ Maintainer | Please reply to the list; http://susefaq.sf.net | Please don't put me in TO/CC.

Nisi defectum, haud refiecendum

-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here

_________________________________________________________________ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français ! Yahoo! Mail : http://fr.mail.yahoo.com

if i do ping www.yahoo.fr from a client machine, i have no reponse ! --- Frédéric Poulet a écrit : > Hi,

Sorry but it's doesn't work, when i write :

FW_MASQ_NETS="10.0.1.0/24,0/0,tcp,21 10.0.1.0/24,0/0,tcp,80" FW_SERVICES_TCP_EXT="80"

my client machines don't find site, problem of dns ?

--- Togan Muftuoglu a écrit : > * Frédéric Poulet; on 26 Jan, 2004 wrote:

...

...

Hi,

I would like to configure my susefirewall to use only the ports 80, 25, 21. How i can do this ?

To let in or to let out

to let in

FW_SERVICES_TCP_EXT="21 25 80"

to let out only 21 and 80

FW_MASQ_NETS="10.0.1.0/24,0/0,tcp,21 10.0.1.0/24,0/0,tcp,80 "

nevertheless you can read more in teh unofficial SUSEfirewall2 http://sf.net/projects/susfaq

HTH --

Togan Muftuoglu | Unofficial SuSE FAQ Maintainer | Please reply to the list; http://susefaq.sf.net | Please don't put me in TO/CC.

Nisi defectum, haud refiecendum

-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here

_________________________________________________________________ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français ! Yahoo! Mail : http://fr.mail.yahoo.com

-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here

_________________________________________________________________ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français ! Yahoo! Mail : http://fr.mail.yahoo.com

Hi, Sorry but it's doesn't work, when i write : FW_MASQ_NETS="10.0.1.0/24,0/0,tcp,80" FW_SERVICES_TCP_EXT="80" my client machines don't find site, problem of dns ? --- Togan Muftuoglu a écrit : > * Frédéric Poulet; on 26 Jan, 2004 wrote:

...

Hi,

I would like to configure my susefirewall to use only the ports 80, 25, 21. How i can do this ?

To let in or to let out

to let in

FW_SERVICES_TCP_EXT="21 25 80"

to let out only 21 and 80

FW_MASQ_NETS="10.0.1.0/24,0/0,tcp,21 10.0.1.0/24,0/0,tcp,80 "

nevertheless you can read more in teh unofficial SUSEfirewall2 http://sf.net/projects/susfaq

HTH --

Togan Muftuoglu | Unofficial SuSE FAQ Maintainer | Please reply to the list; http://susefaq.sf.net | Please don't put me in TO/CC.

Nisi defectum, haud refiecendum

-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here

_________________________________________________________________ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français ! Yahoo! Mail : http://fr.mail.yahoo.com

My LAN is : INTERNET | | | FIREWALL---------- 192.168.1.1 | | | INTERNAL NETWORK (192.168.1.x) so i wrote FW_MASQ_NETS="192.168.1.0/24,0/0,tcp,80" FW_SERVICES_TCP_EXT="80" --- Togan Muftuoglu a écrit : > * Frédéric Poulet; on 27 Jan, 2004 wrote:

...

Hi,

Sorry but it's doesn't work, when i write :

FW_MASQ_NETS="10.0.1.0/24,0/0,tcp,80" FW_SERVICES_TCP_EXT="80"

my client machines don't find site, problem of dns ?

what is your network addresing scheme for your LAN

--

Togan Muftuoglu | Unofficial SuSE FAQ Maintainer | Please reply to the list; http://susefaq.sf.net | Please don't put me in TO/CC.

Nisi defectum, haud refiecendum

-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here

_________________________________________________________________ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français ! Yahoo! Mail : http://fr.mail.yahoo.com

there is no problem, because the messenger use the port 80 Regards. --- Once upon a time on Thu, 29 Jan 2004 15:31:57 +0100 (CET), wrote:

Hi,

I would like to stop the connexion from hotmail messager with susefirewall2, how can i do it ?

-- Christian Reichel Desenvolvimento --

So you can use the squid to block the url of messenger.. I thing thats is something like loginnet.passport.msn.com You can set the squid, and look ate the logs. good luck Best regards. --- Once upon a time on Thu, 29 Jan 2004 16:11:09 +0100 (CET), wrote:

ok, but i don't want to block the port 80 (http)

--- Fulano a écrit : > there is no problem, because the messenger use the port 80

...

Regards.

--- Once upon a time on Thu, 29 Jan 2004 15:31:57 +0100 (CET), wrote:

...

Hi,

I would like to stop the connexion from hotmail messager with susefirewall2, how can i do it ?

-- Christian Reichel Desenvolvimento

--

-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here

Yahoo! Mail: votre e-mail personnel et gratuit qui vous suit partout !

Créez votre adresse __ http://mail.yahoo.fr

-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here

--- -- Christian Reichel Desenvolvimento Aberium Systems Ltda. Centro Empresarial S_o Paulo Rua Maria Coelho Aguiar, 215 - Bloco G - Piso Jardim S_o Paulo - SP - Brasil Tel: 58532264 christian.reichel@aberium.com http://www.aberium.com --

No, unless you know the IP. got it? --- Once upon a time on Thu, 29 Jan 2004 21:13:20 +0100 (CET), wrote:

But with susefirewall i can't do that ?

--- Fulano a écrit : > So you can use the squid to block the url of messenger..

...

I thing thats is something like

loginnet.passport.msn.com

You can set the squid, and look ate the logs.

good luck

Best regards.

--- Once upon a time on Thu, 29 Jan 2004 16:11:09 +0100 (CET), wrote:

...

ok, but i don't want to block the port 80 (http)

--- Fulano a écrit : > there is no problem, because the messenger use the port 80

...

Regards.

--- Once upon a time on Thu, 29 Jan 2004 15:31:57 +0100 (CET), wrote:

...

Hi,

I would like to stop the connexion from hotmail messager with susefirewall2, how can i do it ?

-- Christian Reichel Desenvolvimento

--

-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here

Yahoo! Mail: votre e-mail personnel et gratuit qui vous suit partout !

Créez votre adresse __ http://mail.yahoo.fr

-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here

---

-- Christian Reichel Desenvolvimento Aberium Systems Ltda. Centro Empresarial S_o Paulo Rua Maria Coelho Aguiar, 215 - Bloco G - Piso Jardim S_o Paulo - SP - Brasil Tel: 58532264 christian.reichel@aberium.com http://www.aberium.com

--

-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here

Yahoo! Mail: votre e-mail personnel et gratuit qui vous suit partout !

Créez votre adresse __ http://mail.yahoo.fr

-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here

--- -- Christian Reichel Desenvolvimento Aberium Systems Ltda. Centro Empresarial S_o Paulo Rua Maria Coelho Aguiar, 215 - Bloco G - Piso Jardim S_o Paulo - SP - Brasil Tel: 58532264 christian.reichel@aberium.com http://www.aberium.com --

Hi, /etc/init.d/SuSEfi* stop ;-)) You could also do echo 1 > /proc/net/ipv4/ip_forward ;-))) But the best would be, you use SuSEfirewall to redirect any Internet traffic to an transparent Proxy. And then watch the proxy logs and ad some deny policies. Greetings Dirk Frédéric Poulet schrieb:

Hi,

I would like to stop the connexion from hotmail messager with susefirewall2, how can i do it ?

Yahoo! Mail: votre e-mail personnel et gratuit qui vous suit partout ! Créez votre adresse à http://mail.yahoo.fr

Frédéric Poulet wrote:

Sorry but it's doesn't work, when i write :

FW_MASQ_NETS="10.0.1.0/24,0/0,tcp,80" FW_SERVICES_TCP_EXT="80"

my client machines don't find site, problem of dns ?

Check the syslog. I bet you will find DROPs because you tried to reach the external IP from the internal network. It's a feature. You must use custom_rules to work around this. -- Have fun, Peter